Jump to content


Recommended Posts


I'm also suffering from this infection after running a bad application. MBSA scans confirm cleans, but the infection remains. Comodo Internet didn't spot it so I installed Avast. After rebooting the AV was disabled and couldn't be restarted so I replaced with FSecure AV trial. Again, virus removal confirmed (Exploit.PDF-JS.Gen), but multiple Trojan.Generic.KD.374 infections appear to be continually found and removed (how do you get the logs in fsecure trial AV, ie export/txt?!)

Hyperlinks in Firefox still SOMETIMES take me to erroneous sites , chrome was removed because nothing's happening (kill pages prompt following no response), and MBSA / SuperAntispyware still find various nastys.

Kaspersky? AVG?! ComboFix won't run, and I'm ready to restore from a backup using Acronis TrueImage, but don't know if theat will fix...

mbam /sas logs attached (rebooting to complete mbsa clean + run mgtools ... again!)



Link to post
Share on other sites

HJT log

Logfile of HijackThis v1.99.1

Scan saved at 12:11:15, on 04/03/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Running processes:








C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe

C:\Program Files\F-Secure\Common\FSMA32.EXE

C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE

C:\Program Files\F-Secure\Common\FSHDLL32.EXE

C:\Program Files\UPHClean\uphclean.exe

C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe

C:\Program Files\F-Secure\Anti-Virus\fssm32.exe

C:\Program Files\F-Secure\Anti-Virus\fsav32.exe

C:\Program Files\F-Secure\Common\FSM32.EXE

C:\Program Files\Apoint\Apoint.exe

C:\Program Files\UltraMon\UltraMon.exe

C:\Program Files\PeerBlock\peerblock.exe

C:\Program Files\Apoint\Apntex.exe



C:\Program Files\HijackThis\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

F2 - REG:system.ini: Shell=Explorer.exe

O1 - Hosts: cddb.cddb.org

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.1.10.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SDHelper.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKCU\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe

O4 - HKCU\..\Run: [ultraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto

O4 - HKCU\..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.4.1.10.dll/206 (file missing)

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot\SDHelper.dll

O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll

O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} (Diagnostics ActiveX WebControl) - http://support.microsoft.com/mats/DiagWebControl.cab

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -

O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: VESWinlogon - C:\WINDOWS\SYSTEM32\VESWinlogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe

O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE

O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\F-Secure\ORSP Client\fsorsp.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe

O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

Link to post
Share on other sites

  • 2 weeks later...
  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.